[00:44.380 --> 00:51.220]  Hi there! So we are live with the speakers who presented on practical VoIP
[00:51.220 --> 00:57.580]  hacking using Mr. Sip. And welcome, welcome to DEF CON Safe Mode. Not quite what you would
[00:57.580 --> 01:03.320]  normally have expected probably for coming to Vegas, right? But glad that you're able to join
[01:03.320 --> 01:09.200]  us and share some information with us. I understand though that you are both first-time speakers at
[01:09.200 --> 01:14.920]  DEF CON. Is that correct? Yes, that's correct. Thank you. Thank you for the opportunity.
[01:15.340 --> 01:20.800]  Yeah, that's great. Yeah, so we have a tradition here at DEF CON for first-time speakers where
[01:21.200 --> 01:25.440]  really it's a historical tradition of where we kind of do a shot or a drink with someone on stage
[01:25.440 --> 01:31.060]  to kind of welcome them to DEF CON. So as your first-time speakers, I'd like to, you know,
[01:31.060 --> 01:36.420]  hold up a cup and have a drink here with you both and say cheers and say welcome to DEF CON.
[01:37.160 --> 01:39.480]  Okay. Yep, cheers.
[01:48.960 --> 01:58.380]  That was strong. A little early where you are. Strong coffee. Awesome, awesome. Yeah, so that's great.
[01:58.380 --> 02:03.900]  So let's get into a couple of the questions and everything. First off, right, so we
[02:03.900 --> 02:08.840]  recorded the talk a little bit ago. Really, right, like since you recorded and kind of
[02:08.840 --> 02:13.300]  presented on Mr. Sip here at DEF CON, are there any major changes or updates you kind of want to
[02:13.300 --> 02:23.860]  share with the audience? So first of all, so inside this presentation, DEF CON, we actually
[02:23.860 --> 02:30.240]  show most of the new updates. So they were not published before. So exclusively we presented
[02:30.740 --> 02:38.120]  many other modules and all these demos. They're all new and we first time showed them in DEF CON.
[02:38.120 --> 02:43.400]  Since the video published, like in a week's time, we are still updating the documentation
[02:44.000 --> 02:50.700]  and the YouTube channel we have, Twitter page we have, people can follow, and the GitLab page we
[02:50.700 --> 02:56.540]  use to host the website for the pro version. So these are the recent updates we can say.
[02:56.540 --> 03:01.540]  But other than that, the whole DEF CON experience is the new update. So everything we show is the
[03:01.540 --> 03:06.820]  new content, all these pro features, the new modules. They were not published before and then
[03:06.820 --> 03:17.000]  right now we just introduced them. Awesome, awesome. Yeah, so kind of, I guess also to kick
[03:17.000 --> 03:21.820]  things off here, so kind of what drew you to like VoIP research and SIP security and like kind of
[03:21.820 --> 03:29.680]  the origin for Mr. SIP? Okay, that's a big question, I think. Millie, I would like to answer
[03:29.680 --> 03:36.980]  that and if you would like to add something after that, you're welcome. So Mr. SIP goes back to 2011
[03:37.740 --> 03:45.760]  and one of our meetings with Millie also goes back to one of like 2012 or 2013 interviews because
[03:45.760 --> 03:51.220]  like once I had a job application in Millie's company and he was interviewing me, but there
[03:51.220 --> 03:59.700]  was no SIP at that time, but that is just once we came to meet each other. And around that time,
[03:59.700 --> 04:05.580]  so Millie was working for a big telecom company, one of the biggest in the world, and they had the
[04:05.580 --> 04:11.520]  SIP team and security team there. They were developing one internal tool and with that
[04:11.520 --> 04:18.600]  internal tool, they were also hiring somebody like a research supporter and then in 2012,
[04:18.600 --> 04:25.000]  I think they didn't have NDA and one of that guy who was not hired forked the project
[04:25.000 --> 04:31.000]  and also published some open source modules, but I think the project didn't go too deep
[04:32.080 --> 04:36.500]  because it doesn't have any like... also that's a comparison, I think. We can't say it doesn't
[04:36.500 --> 04:42.880]  have any noble or unique exploits vulnerabilities inside, but Mr. SIP stands out that it is
[04:43.840 --> 04:50.600]  both scientific and practical. It is very interdisciplinary, I would say.
[04:53.300 --> 04:59.120]  It has full automatic modules that does all the vulnerability search,
[04:59.120 --> 05:04.680]  but then in the real world attacks, it is utilizing novel exploits, CVEs that is
[05:05.660 --> 05:12.500]  even just not published before Mr. SIP, so it contains a lot if you compare with other things.
[05:12.880 --> 05:20.280]  But if we go back again 2012 to 2015, Melih worked on a closed source project,
[05:20.280 --> 05:26.340]  different version of Mr. SIP that was kept always private and closed under the company.
[05:26.700 --> 05:32.820]  And by 2015, Melih left the company and he was thinking and by coincidence, we met in Black Hat
[05:32.820 --> 05:38.920]  London 2016. We said, oh, hi, you interviewed me four years ago and I said, oh, how's it going?
[05:38.920 --> 05:43.460]  He said, oh, I quit that company, et cetera. And then this was the story. We said, okay,
[05:43.460 --> 05:49.440]  what is happening, Mr. SIP? He said, I want to program it from scratch, make it bigger,
[05:49.440 --> 05:56.940]  make it like Perp Suite. We had the idea that we could make it just like a real application
[05:56.940 --> 06:04.660]  that every penetration tester is using. That was a dream in 2016. Nowadays, after four years,
[06:04.660 --> 06:11.800]  we have about 10 modules. It is becoming a reality. So we work hard on those programming,
[06:11.800 --> 06:17.020]  software engineering, because it is a big project. It is not one time published application,
[06:17.020 --> 06:21.820]  but it's evolving all the time. And we have lots and lots in the roadmap.
[06:22.380 --> 06:30.100]  First, it appeared many times in arsenals, Black Hat arsenals and some other technical
[06:30.100 --> 06:36.960]  conferences, practitioners conferences. And also many published several research articles
[06:36.960 --> 06:43.960]  during his PhD. So Mr. SIP actually gave him both, I would say, almost like a startup company
[06:43.960 --> 06:55.000]  and a PhD. So there are a lot of, I think, events happened through the history of Mr. SIP. It is
[06:55.140 --> 07:02.860]  a small application. It has several journals behind a PhD work, like a four years of PhD work.
[07:03.100 --> 07:09.000]  Plus, it is becoming almost like a startup. But the main idea is that we keep it open source and
[07:09.000 --> 07:14.360]  we want community to use it and see that how SIP is important,
[07:14.360 --> 07:19.040]  VoIP attacks are important, and how they can just have a reliable tool.
[07:19.860 --> 07:22.300]  Cool. That's awesome. Yeah, there actually is a question in the chat
[07:22.300 --> 07:26.820]  about why does the website for Mr. SIP Pro require signing into GitLab?
[07:26.820 --> 07:31.880]  Is that maybe one of the other ones? Oh, it is, I think, not ready. That's why. So
[07:31.880 --> 07:37.580]  we didn't want Google to index something that is like a demo content because we have the template
[07:37.580 --> 07:43.500]  now imported in GitLab and it is getting updated. We are keeping it. But we didn't want to show it
[07:43.500 --> 07:49.980]  half missing. So it is just ongoing. It's very new. And we wanted to include the link because
[07:49.980 --> 07:56.840]  the DEF CON video will remain online and maybe next week it will be open, the website,
[07:56.840 --> 08:05.100]  the Mr. SIP Pro website. But right now, it is still ongoing. That's why it requires sign-in.
[08:05.100 --> 08:09.920]  Even if you sign in, it will say you're not authorized. But I think I'm happy if people
[08:09.920 --> 08:15.920]  go and sign up to GitLab. GitLab is cool. It's free and it allows a lot of things.
[08:15.920 --> 08:19.240]  Awesome, awesome. Yeah, so we'll move on to...
[08:20.060 --> 08:21.060]  Yep, so...
[08:21.060 --> 08:26.460]  Sorry, I was just saying sorry for those users who are trying to get into the website. I'm
[08:26.460 --> 08:31.540]  sorry that we are struggling because of this. Sorry, I interrupted you.
[08:31.540 --> 08:35.960]  You're good. No, that shows interest, right? It's good. Everyone's excited.
[08:36.820 --> 08:42.380]  Yeah, so another question from the chat. So if you're aware that someone's going to use an attack
[08:42.380 --> 08:48.220]  using Mr. SIP, so imagine you're on a blue team, right? Or in the SOC, what would you suggest as
[08:48.220 --> 08:51.200]  the first line of defense to protect yourself or your company?
[08:54.860 --> 09:01.160]  I think... Okay, I will say something maybe, but feel free. I take the first sentence and
[09:01.160 --> 09:09.560]  feel free to add after me. I think when they do penetration testing inside the company,
[09:09.560 --> 09:15.380]  let's say they are using Mr. SIP and they are trying to find vulnerabilities and all
[09:16.360 --> 09:21.780]  tests, one of the defense they could do is, like we also mentioned in the presentation,
[09:21.780 --> 09:28.420]  that awareness, the password policy awareness. So usually it is the lowest priority in the
[09:28.420 --> 09:35.340]  companies and security policies. And a strong password policy is really necessary. But when
[09:35.340 --> 09:41.860]  we look at SIP itself, it is vulnerable. So there are some of the aspects that are unavoidable,
[09:41.860 --> 09:48.040]  like there will be VoIP attacks and there will be almost no defense if you deploy a sophisticated
[09:48.040 --> 09:55.620]  attack. So there is not much to do, but they could do the standards like monitoring and actively
[09:56.140 --> 10:00.780]  having some security researchers looking at things and lots of awareness, I think, inside
[10:00.780 --> 10:07.320]  the company, strong policy for passwords. All these things are, I think, good for defense,
[10:07.320 --> 10:10.640]  but I'm not sure. Maybe you want to add something, maybe?
[10:10.760 --> 10:18.520]  Yeah, using VoIP specific security parameters like VoIP application firewall or
[10:21.020 --> 10:24.820]  VoIP IPS should be beneficial.
[10:25.820 --> 10:26.620]  Yeah.
[10:28.800 --> 10:34.400]  Cool, cool. Appreciate that. Yeah. So we'll go one other question here.
[10:34.940 --> 10:38.660]  Right. So if you have a lot of experience, obviously looking at kind of SIP and VoIP
[10:38.660 --> 10:42.880]  attacks and everything, would you say that there's any device or companies out there
[10:42.880 --> 10:46.800]  you'd recommend over another to kind of do a better job of protecting against like the
[10:46.800 --> 10:48.760]  attacks that are in Mr. SIP?
[10:49.620 --> 10:57.920]  Okay. I think I will give this question to Mili by adding some on that. So maybe when we recommend
[10:57.920 --> 11:02.220]  or think about the company, it is the client applications and the server applications we can
[11:02.220 --> 11:09.800]  talk about. I would think they're mostly similar, but Mili, what do you think about the companies
[11:09.800 --> 11:15.480]  like SIP servers or other companies deploying SIP products? What do you think about them?
[11:17.260 --> 11:23.040]  I couldn't get the exact question, but could you put a summary?
[11:23.700 --> 11:31.800]  Yeah. Like I think, what I think is, so at the end, our attacks are against the SIP protocol.
[11:31.800 --> 11:36.900]  It is not for products. And I think every product is vulnerable over there. So it is not product
[11:36.900 --> 11:42.560]  based thing. Also because I think inside the clients or servers, they don't have any
[11:46.800 --> 11:53.480]  defense mechanisms deployed in the server. So they have to get additional defense mechanism.
[11:53.800 --> 11:58.960]  But Mili, what I'm thinking is, do you have more experience on that? What do you think
[11:58.960 --> 12:06.160]  if any SIP servers, some brands or products are better than other ones? Do you recommend any of
[12:06.160 --> 12:18.150]  them? It's not appropriate to say to bring some vendors.
[12:19.990 --> 12:27.570]  Yep. Yeah. No worries. No worries. That's fine. Yeah. So for someone who's kind of, let's say,
[12:27.570 --> 12:33.750]  isn't as familiar with the SIP space or VoIP attacks, maybe they're more used to using some
[12:33.750 --> 12:38.750]  standard things against Windows or Linux. I guess, how would you recommend someone start to
[12:38.750 --> 12:43.990]  learn and kind of experiment or come into, what kind of resources would you recommend for someone
[12:43.990 --> 12:53.990]  starting to look at SIP or VoIP style of attacks? Other than just saying, use Mr. SIP.
[12:54.910 --> 13:00.170]  Oh, okay. Yeah. I think one of the things they can definitely deploy the environment,
[13:00.170 --> 13:06.650]  the lab environment, where they can simulate or emulate the SIP servers and the client.
[13:06.810 --> 13:13.150]  So they can have, because nobody has this all SIP deployment at home, but every company has it. So
[13:13.150 --> 13:19.830]  my university at Oxford, we have this SIP servers, clients, and it would be really easy, I think,
[13:19.830 --> 13:25.670]  to hijack the professor's phone and then do these things. But at the end, for a new starter to
[13:25.670 --> 13:31.870]  experiment, it is not going to be possible to deploy or have a SIP deployment at home. Nobody
[13:31.870 --> 13:38.070]  does that, but they can definitely emulate something on their computer. And there are
[13:38.070 --> 13:43.190]  many tools for that, that they can start generating SIP messages on their local server
[13:43.190 --> 13:49.070]  and they can run virtual machines. So you take some virtual box, few instances, one of them is
[13:49.070 --> 13:54.430]  server, it has an IP address, other one is few clients, et cetera. And then imagine one virtual
[13:54.430 --> 14:00.070]  box is calling another one. And while doing so, you have another virtual box, which is Kali Linux.
[14:00.070 --> 14:04.770]  And then this one is that hacker machine, gets access to network and they can play with it. So
[14:04.770 --> 14:10.890]  they can watch the start, watching the network messages and play with it. I think new beginners
[14:10.890 --> 14:21.450]  could do that and that would be fun. Yeah. Also reading the first SIP RFC is very beneficial.
[14:22.970 --> 14:29.850]  As a virtual SIP PBX, they can use any kind of Asterix-based SIP PBX, such as
[14:30.410 --> 14:33.110]  Trixbox or FreePBX, et cetera.
[14:35.390 --> 14:46.310]  Awesome. Yeah. So there's a question in the chat from RPTK2015. Can you expand a little bit
[14:46.310 --> 14:52.330]  about Wholesale VoIP, Carrier Voice, and Call Shop, the attacks that were mentioned in the
[14:52.330 --> 15:00.370]  talk in context of registration hijacking? Yeah. So I would like to give some quick summary on
[15:00.370 --> 15:07.390]  that because it is a real incident, first of all. And Millie was also one of the investigators
[15:08.070 --> 15:14.730]  and an expert preparing technical reports on it, like in a real million dollar
[15:14.730 --> 15:20.630]  hijacking. So they found out how the hackers did it. And now also in DEF CON, we show how they did
[15:20.630 --> 15:27.990]  it. So what happens is the steps are simple, I think. So the hackers should get into the
[15:27.990 --> 15:34.750]  company network. That is, I think, one of the preconditions. And then with using MrSIP,
[15:34.750 --> 15:42.410]  they can enumerate the users, break the passwords, get into or collect all the user's
[15:44.070 --> 15:49.630]  credentials. That is the step. And that is not difficult by using MrSIP. Everything is automatic.
[15:49.630 --> 15:56.870]  Once the hackers collect enough information about the users, what they do is that they can
[15:56.870 --> 16:04.910]  start selling whenever the users are sleeping or not using their lines or the accounts, let's say.
[16:04.910 --> 16:11.070]  The hackers can start selling their accounts and just charge all these things into the company
[16:11.070 --> 16:17.210]  because the company has the infrastructure that is running. And if they allow calls to,
[16:17.210 --> 16:21.530]  let's say, other countries, the hackers can just, without running any infrastructure,
[16:21.530 --> 16:27.270]  telecom infrastructure, they can just charge them and make calls on behalf of all these stolen
[16:27.270 --> 16:33.430]  users. And at the end, maybe three months later, the company will realize, okay, there were all
[16:33.430 --> 16:39.910]  these frauds going on. They will detect, but it will be too late because the guys, the hackers,
[16:39.910 --> 16:46.350]  already make, I think, millions easily by selling a few months of utilizing this telecom
[16:46.350 --> 16:52.850]  infrastructure for a few months. So what they can do, they can, for example, run a local phone call
[16:52.850 --> 16:58.390]  shop. Imagine one of the corner shops that says, okay, you can make international calls.
[16:58.390 --> 17:04.490]  And they might be using actually one of the other big company infrastructure and underground,
[17:04.490 --> 17:10.170]  like maybe stolen credentials. And you still go and pay them and make the call. And it is maybe
[17:10.170 --> 17:15.870]  long distance call, super expensive thing. And they charge small money, but because they don't
[17:15.870 --> 17:22.470]  pay anything for the infrastructure. And because everything is free and quickly, as much as they
[17:22.470 --> 17:28.750]  can, they start selling those services and many other things. They are very creative, right?
[17:28.750 --> 17:36.270]  Creative people. So that's basically it. So a few months, I think it will take until a company
[17:36.270 --> 17:42.510]  realizes, okay, why our bills are much higher than usual or the traffic going on too much.
[17:42.510 --> 17:46.450]  And then that will happen. I think that is the story. Like that is how...
[17:47.570 --> 17:53.470]  Also, even if they understand that they need to pinpoint the problem, exact problem,
[17:53.470 --> 17:58.270]  because they still don't know about the fact. This is also a very common
[17:59.070 --> 18:03.890]  hacking story in the real life. So I experienced a lot.
[18:06.830 --> 18:12.230]  Melih, can I ask you a quick question? So do you think not only the telecom companies,
[18:12.230 --> 18:16.590]  I think the banks can have this or what other type of companies can have this type of
[18:16.590 --> 18:21.630]  call fraud? Because if a bank has the infrastructure for their own use, and if
[18:21.630 --> 18:27.610]  they allow with the tip trunks, external calls, so they can also be the victim of this type of
[18:27.610 --> 18:32.530]  fraud, right? Yes, exactly. Banks and other companies. It's not only the telecom companies,
[18:32.530 --> 18:37.110]  so many other companies can suffer. Many companies, any enterprises running
[18:37.110 --> 18:45.610]  voice over IP and making outbound calls to internet can be vulnerable for that kind of attack.
[18:46.390 --> 18:52.650]  Mm hmm. Cool, cool. Yes, we have another question from the chat from ThoughtSeeker.
[18:52.650 --> 18:58.810]  Oh, great. Do you recommend using session border controls in front of critical SIP infrastructure?
[19:01.770 --> 19:06.490]  Well, I can reply to this question. Yeah.
[19:07.170 --> 19:14.670]  SPCs, the session border controllers are very common in internet service provider level
[19:14.670 --> 19:22.410]  companies, not for enterprises, maybe. They are expensive as far as I know, but it's very
[19:22.410 --> 19:28.630]  beneficial. It's working like a SIP firewall, SIP application firewall. So it's one of the
[19:29.310 --> 19:42.670]  best SIP security firewall type, I can say. Cool. Awesome. Yeah. So something else.
[19:42.670 --> 19:48.310]  So just kind of pondering, what do you think is probably the most significant attack someone
[19:48.310 --> 19:52.870]  could kind of do using SIP VoIP traffic? What do you think that maybe would be the
[19:52.870 --> 19:55.950]  most impactful or significant thing you could see someone trying to do?
[19:56.750 --> 20:03.810]  Right. Mehdi, do you want to answer that? I have some stories, I think, but we can both,
[20:03.810 --> 20:12.650]  I think, elaborate on this. What do you think? In the service provider level, there are many fraud
[20:12.650 --> 20:25.450]  type attacks, but for enterprises, telephony DOS is one of the most powerful attack,
[20:25.810 --> 20:32.510]  most impactful attack. So there are many different kinds of
[20:32.510 --> 20:39.790]  telephony DOS attacks you can run using VoIP systems.
[20:40.510 --> 20:48.350]  Mm-hmm. Yeah, I think, so in the DOS denial of service attacks,
[20:48.350 --> 20:53.550]  Mr. SIP is very skilled because we have so many protocol level vulnerabilities
[20:54.110 --> 20:59.670]  being published and getting also published. And that is one of the area that Mr. SIP is
[20:59.670 --> 21:08.510]  very powerful. It has very unique novel attacks, built-in modules. And by doing so, I would say,
[21:09.790 --> 21:15.970]  DOS is definitely one of the impactful, but at the same time, inside Mr. SIP, we have the
[21:17.590 --> 21:22.530]  advanced scenarios that where you want to make an impact without knowing anything,
[21:22.530 --> 21:26.210]  full automatic scenario that you want to attack to an infrastructure,
[21:26.210 --> 21:33.570]  all these advanced custom scenarios. We have a mechanism to write and prepare your attack.
[21:33.590 --> 21:38.950]  And then Mr. SIP will automatically follow all the attack and you will not do anything. But let's say
[21:38.950 --> 21:45.930]  put a Raspberry Pi into the company network, leave it there. Maybe a month later, nobody is
[21:45.930 --> 21:51.470]  there, but it will begin an attack, deploy the full automatic attack. And any of those, imagine
[21:51.470 --> 21:57.330]  the fraud infrastructure running, maybe you can build a VPN server inside, make a tunnel outside
[21:58.810 --> 22:06.230]  and play a lot with this. And then anytime you want to distract people, you can place a DOS attack
[22:06.230 --> 22:15.070]  and any other stuff. We couldn't have a chance to make demonstration for our
[22:15.690 --> 22:22.690]  attack scenario player, but it's the module of Mr. SIP, new module of Mr. SIP. And we have added
[22:22.690 --> 22:29.770]  some predefined attack scenarios, including D-DOS, telephony D-DOS type of attacks. And one of them
[22:29.770 --> 22:36.090]  is like, just by sending one SIP invite message, we can occupy the SIP server for
[22:36.890 --> 22:44.310]  64 seconds. I just gave theoretical information about that kind of attack, which was a novel
[22:44.310 --> 22:50.270]  attack and we have published it in our academic research papers.
[22:52.130 --> 22:59.450]  Yeah. Cool. Yeah. So we're coming near the end, but yeah. Is there anything in particular you
[22:59.450 --> 23:03.810]  really wanted to add that you kind of ran out of time to cover in the talk? Anything you really
[23:03.810 --> 23:10.190]  want to make sure you share with everyone here? I think I would recommend everybody and all the
[23:10.190 --> 23:15.210]  SIP community to support and give us the feedback. That is one of the important things,
[23:15.910 --> 23:21.110]  because Mr. SIP is not a one-time tool, it's evolving. And last four years, I think we showed
[23:21.110 --> 23:28.290]  the good progress. And in the next few years, there will be a lot of new modules and novel
[23:28.290 --> 23:34.770]  attacks coming up, because our roadmap is huge. Even though we still say some of the parts,
[23:34.770 --> 23:42.390]  I know what Melih has, and we discuss all the night. We have huge abilities.
[23:42.390 --> 23:49.010]  We will keep integrating into Mr. SIP. And we would like to tell the community
[23:49.010 --> 23:55.010]  that they should definitely follow and tell us how we can cooperate, how they can join.
[23:55.010 --> 24:02.910]  They are most welcome to help Mr. SIP and take a part, active role, so that we can make it
[24:02.910 --> 24:11.110]  better. But the point that we should not miss is definitely follow and communicate, because there
[24:11.110 --> 24:18.490]  are a lot coming. Awesome, awesome. Yeah, I guess the last kind of question, I guess, to wrap
[24:18.490 --> 24:23.870]  things up. So if folks want to learn more, right, or want to contribute, like you were saying,
[24:23.870 --> 24:29.370]  what's the best way for them to kind of reach out? What's the best contact, like through the GitHub
[24:29.370 --> 24:34.750]  or Twitter, or what's your preferred means of communication? We can share links as well in the
[24:34.750 --> 24:50.100]  chat. So definitely GitHub is our first point of contact that we have the public version,
[24:50.100 --> 24:57.300]  open source version. The pro version is right now private. We are also open sourcing gradually
[24:57.300 --> 25:04.740]  the pro version modules. They will get into the public domain at some point. But GitHub is
[25:04.740 --> 25:09.810]  definitely useful. We have the links in the slide. Twitter is definitely a good contact.
[25:10.140 --> 25:17.020]  Private mail address or Meli's personal accounts, they are definitely good contact points. We are
[25:17.020 --> 25:22.760]  very active, and we will likely not miss anything that anybody uses any of the
[25:23.780 --> 25:31.260]  point of contact in social media. Mr. Sip account, our personal details, personal accounts,
[25:31.260 --> 25:39.080]  most welcome. I think we don't mind. There is no official or crazy strict rules on how to reach,
[25:39.080 --> 25:45.020]  it's just code, like easy. Awesome. Meli, do you want to add something on?
[25:47.020 --> 25:56.460]  I can add one more thing. People just asking about demo, and we will share
[25:57.220 --> 26:02.280]  new demo videos on our YouTube channel most probably next week.
[26:03.280 --> 26:11.020]  Yeah, I think that is very important that we should tell, yeah. Because in the Defcon video,
[26:11.020 --> 26:17.000]  I think the fonts were small, that was not very readable. It's HD and high definition,
[26:17.000 --> 26:24.340]  if they actually watch HD quality, they will see, they will be able to read everything. But we will
[26:24.340 --> 26:31.680]  also publish the videos of all the modules and all these attacks, bigger fonts, maybe slowly in
[26:31.780 --> 26:37.320]  a better quality. They will come and we recommend that, I think. Definitely, they should be watching
[26:37.320 --> 26:41.480]  the YouTube channel. Awesome, awesome. Yeah, I definitely think that'd be helpful.
[26:43.320 --> 26:47.560]  Cool. Well, if there's no last minute thoughts from either of you,
[26:48.100 --> 26:52.440]  I would really just say thank you for joining us for Defcon. Thank you for participating
[26:53.160 --> 26:59.000]  from remote places, again, not in Vegas. And yeah, and look forward to running into
[26:59.000 --> 27:04.000]  you in a future Defcon, hopefully in Vegas in person. And otherwise, just really want to
[27:04.000 --> 27:09.920]  thank you and stay safe out there. Thank you, guys. Yeah, we would like to thank
[27:09.920 --> 27:17.740]  everybody there. Yeah. I think the Defcon team helped a lot through this online experience,
[27:17.740 --> 27:24.680]  Pardus and Nikita and everybody taking role there. And thank you guys for helping and
[27:24.680 --> 27:31.760]  arranging all these things, even in last minute that in all these difficult times.
[27:32.520 --> 27:37.500]  Awesome. Well, thanks. And again, everyone stay safe out there. Cheers.
[27:37.500 --> 27:38.720]  Thank you. Thank you.
